Some people here may remember the presentation on eIDs at a previous RIPE meeting. https://labs.ripe.net/Members/chrisb/engaging-with-eu-legislative-process A draft Commission document which mentions eIDs has recently been “leaked”. http://www.politico.eu/wp-content/uploads/2016/04/Platforms-Communication.pd... See in particular the top of page 12. I understand from folk within the bubble (the Brussels/EU bubble) that this kind of thing is now seen as a way of testing the reaction of experts, of those really interested, before proceeding. So any prompt reaction, and this could be individual reactions rather than the reactions of organisations, may be useful. Indeed any reaction now may more useful than when the Commission has taken a formal position on the proposal and when the services are naturally obliged to defend it. This item from The Register - http://www.theregister.co.uk/2016/04/29/eu_login_youtube_national_id_card/ - would suggest that one person to write to is the Estonian Commissioner. Regards, Gordon
Thanks Gordon, What is irritating with just that snippet on top of page 12 you reference is that they say in more or less the same sentence that it is important to decide who to trust, while one should be told to trust whatever eID Brussels decides on. Thats a contradiction in terms. There are too many "trust" issues where Brussels think the path forward is to tell people what to trust. Incident reporting, how CERTs are managed and get their information and eID. Just to mention a few. Thats not how trust is built up. And specifically not how trust is moved from trust between individuals to trust between organizations. Patrik On 30 Apr 2016, at 23:00, Gordon Lennox wrote:
Some people here may remember the presentation on eIDs at a previous RIPE meeting.
https://labs.ripe.net/Members/chrisb/engaging-with-eu-legislative-process
A draft Commission document which mentions eIDs has recently been “leaked”.
http://www.politico.eu/wp-content/uploads/2016/04/Platforms-Communication.pd...
See in particular the top of page 12.
I understand from folk within the bubble (the Brussels/EU bubble) that this kind of thing is now seen as a way of testing the reaction of experts, of those really interested, before proceeding.
So any prompt reaction, and this could be individual reactions rather than the reactions of organisations, may be useful.
Indeed any reaction now may more useful than when the Commission has taken a formal position on the proposal and when the services are naturally obliged to defend it.
This item from The Register - http://www.theregister.co.uk/2016/04/29/eu_login_youtube_national_id_card/ - would suggest that one person to write to is the Estonian Commissioner.
Regards,
Gordon
Well, I have read parts of it, but one thing that did pop out was this sentence: "[...]In particular, online platforms need to accept credentials issued or recognized by national public authorities, such as electronic ID cards, citizen cards, bank cards or mobile IDs.[..]" I think that this creates a big security risk. In the Netherlands, this "trust" means that there will be a single point of failure: The authentication server, called "digi-d". This is a server where we have to log in every year for doing our tax report, and every year they have issues with DDoS due to people filling in their taxes. On top of that, when authenticated you have all the information on your passport + you can even use this form of authentication to legally "sign" documents. All you need to do is intercept 2 paper mails (one with username, one with password) and you can fill in all the paperwork for that person. At my job we have an "authentication" system that the EU desires already in place. You can log in with any credential you want (they are constantly adding new ones), and based on how you log in you get a different "clearance" rating. If you log in with an eID for example, you get a higher clearance rating than logging in with google ID. Based on the website that uses this system you get a different ID number, and only the authentication system itself knows who this user is (and can send emails to that user). The websites itself don't know who logged in, they only know an ID number and what the user shared with them. That way you can use your google ID for example to make an appointment with the municipality (if you have connected your google ID to your eID) but to make changes you still need to log in using your eID (due to the clearance level not being high enough). What I find the biggest issue with these "eID" from brussels is the fact that it is too easy to track them back to a particular user. You will always need to use the same identification method, and if someone steals your identity card + password they can basically steal your complete identity. Not only that, governments can track you down for writing down your ideas online. This has been happened before with Twitter, and I am pretty sure that advocating a Single Sign On (SSO) will make this even worse. I feel that this is going the same way as in China, where you have a "digital identity" that everyone can use to contact you, and when that "digital identity" leads to violations, then they simply have to trace it back to its owner. I am not sure if people like to visit Facebook with their identity card. Or use Twitter with their real name. What if they decide that when you want to be on the internet, you need to log in first? What if one of those SSO systems goes down, gets hacked (think Diginotar) or even fails to protect its users? "Freedom of Speech" is something that I think should be cared for, and that also means the possibility to have something that is not a single point of failure. I think that the EU should advocate an universal log-in system like U2F that can be used by everyone without having a single authentication system that needs to be monitored by the EU. The SSO that the EU advocates can quickly become something that directly comes out of a book from George Orwell. Without a single point of failure, or a single point of "trust", only then you can be sure that privacy is ensured. That way people can securely browse the internet without having to rely on state-issued identification tokens to browse the internet. Julius ter Pelkwijk On Sun, May 1, 2016 at 6:12 AM Patrik Fältström <paf@frobbit.se> wrote:
Thanks Gordon,
What is irritating with just that snippet on top of page 12 you reference is that they say in more or less the same sentence that it is important to decide who to trust, while one should be told to trust whatever eID Brussels decides on.
Thats a contradiction in terms.
There are too many "trust" issues where Brussels think the path forward is to tell people what to trust. Incident reporting, how CERTs are managed and get their information and eID. Just to mention a few.
Thats not how trust is built up. And specifically not how trust is moved from trust between individuals to trust between organizations.
Patrik
On 30 Apr 2016, at 23:00, Gordon Lennox wrote:
Some people here may remember the presentation on eIDs at a previous RIPE meeting.
https://labs.ripe.net/Members/chrisb/engaging-with-eu-legislative-process
A draft Commission document which mentions eIDs has recently been
“leaked”.
http://www.politico.eu/wp-content/uploads/2016/04/Platforms-Communication.pd...
See in particular the top of page 12.
I understand from folk within the bubble (the Brussels/EU bubble) that
this kind of thing is now seen as a way of testing the reaction of experts, of those really interested, before proceeding.
So any prompt reaction, and this could be individual reactions rather
than the reactions of organisations, may be useful.
Indeed any reaction now may more useful than when the Commission has
taken a formal position on the proposal and when the services are naturally obliged to defend it.
This item from The Register -
http://www.theregister.co.uk/2016/04/29/eu_login_youtube_national_id_card/ - would suggest that one person to write to is the Estonian Commissioner.
Regards,
Gordon
On 1 May 2016, at 13:38, Julius ter Pelkwijk <pelkwijk@gmail.com> wrote:
I think that the EU should advocate an universal log-in system....
NO! A MILLION, TRILLION, BAZILLION TIMES NO! The EU should not be advocating any form of universal electronic identity token at all. Ever. No government should do that. And neither should anyone else. Despite what our google/facebook/apple/M$/etc overlords would like us all to believe, the holy grail of universal single sign on (USSO) is an impossible fantasy. Framing a discussion on USSO around how to make it less intrusive or more privacy-friendly or less exposed to DoS or accommodate multiple trust anchors or whatever misses the point completely. Assuming these systems could ever be made to work, their benefits are grossly outweighed by their disadvantages and risks. IMO that has to be the message which needs to be heard and understood by legislators. I hope this WG will be up to that challenge.
Dear all, I can't claim I am an expert on eID systems in general, or on the eID regulatory framework that the EU put in place about a year and a half ago specifically (it's the "eIDAS Regulation"), and for clarity I cannot, as an official of the EU, comment on leaks (European Commission rules - not that I necessarily agree with this particular rule, but it is what it is). However, my limited understanding of the eIDAS framework is that it does not impose the use of any particular electronic Identification, Authentication or Signature (that's what "eIDAS" stands for) system, but rather creates a security baseline and interoperability obligations for EU Member States in order to ensure mutual recognition of different systems across the EU. If people have concerns about this particular field of EU policy, I think it would indeed be great to raise them so that colleagues in Brussels (and in national capitals, too - let's not forget that the eIDAS Regulation was adopted via the "ordinary legislative procedure", which means that both the European Parliament and the Council, i.e. Member States' governments, approved it) are aware of the concerns and can clarify misunderstandings, if indeed there are any. You can find more information on eIDAS at https://ec.europa.eu/digital-single-market/en/trust-services-and-eid, and you contact the colleagues in the "eIDAS Task Force" at CNECT-TF-eIDAS-LT@ec.europa.eu. I seem to remember that the Head of the Task Force, Andrea Servida, did give a presentation on the topic at a RIPE meeting some time ago, but I might well be wrong. One word of friendly advice: although as EU officials we are obliged to respond to all queries by EU citizens within 15 working days (unless they are manifestly baseless, repetitive, etc - I once got an email asking why the European Commission was scheming with the Reptilians to bring about the fall of Western Civilization, and I honestly didn't known what to answer as I first would have needed to demonstrate I was not a Reptilian fifth column myself) it is always more efficient if similar questions / comments are grouped together in one single message. Just common sense I guess. I hope this helps, Andrea Sent from my iPad
On May 1, 2016, at 08:39, Julius ter Pelkwijk <pelkwijk@gmail.com> wrote:
Well, I have read parts of it, but one thing that did pop out was this sentence: "[...]In particular, online platforms need to accept credentials issued or recognized by national public authorities, such as electronic ID cards, citizen cards, bank cards or mobile IDs.[..]"
I think that this creates a big security risk. In the Netherlands, this "trust" means that there will be a single point of failure: The authentication server, called "digi-d". This is a server where we have to log in every year for doing our tax report, and every year they have issues with DDoS due to people filling in their taxes. On top of that, when authenticated you have all the information on your passport + you can even use this form of authentication to legally "sign" documents. All you need to do is intercept 2 paper mails (one with username, one with password) and you can fill in all the paperwork for that person.
At my job we have an "authentication" system that the EU desires already in place. You can log in with any credential you want (they are constantly adding new ones), and based on how you log in you get a different "clearance" rating. If you log in with an eID for example, you get a higher clearance rating than logging in with google ID. Based on the website that uses this system you get a different ID number, and only the authentication system itself knows who this user is (and can send emails to that user). The websites itself don't know who logged in, they only know an ID number and what the user shared with them. That way you can use your google ID for example to make an appointment with the municipality (if you have connected your google ID to your eID) but to make changes you still need to log in using your eID (due to the clearance level not being high enough).
What I find the biggest issue with these "eID" from brussels is the fact that it is too easy to track them back to a particular user. You will always need to use the same identification method, and if someone steals your identity card + password they can basically steal your complete identity. Not only that, governments can track you down for writing down your ideas online. This has been happened before with Twitter, and I am pretty sure that advocating a Single Sign On (SSO) will make this even worse.
I feel that this is going the same way as in China, where you have a "digital identity" that everyone can use to contact you, and when that "digital identity" leads to violations, then they simply have to trace it back to its owner. I am not sure if people like to visit Facebook with their identity card. Or use Twitter with their real name. What if they decide that when you want to be on the internet, you need to log in first? What if one of those SSO systems goes down, gets hacked (think Diginotar) or even fails to protect its users? "Freedom of Speech" is something that I think should be cared for, and that also means the possibility to have something that is not a single point of failure.
I think that the EU should advocate an universal log-in system like U2F that can be used by everyone without having a single authentication system that needs to be monitored by the EU. The SSO that the EU advocates can quickly become something that directly comes out of a book from George Orwell. Without a single point of failure, or a single point of "trust", only then you can be sure that privacy is ensured. That way people can securely browse the internet without having to rely on state-issued identification tokens to browse the internet.
Julius ter Pelkwijk
On Sun, May 1, 2016 at 6:12 AM Patrik Fältström <paf@frobbit.se> wrote: Thanks Gordon,
What is irritating with just that snippet on top of page 12 you reference is that they say in more or less the same sentence that it is important to decide who to trust, while one should be told to trust whatever eID Brussels decides on.
Thats a contradiction in terms.
There are too many "trust" issues where Brussels think the path forward is to tell people what to trust. Incident reporting, how CERTs are managed and get their information and eID. Just to mention a few.
Thats not how trust is built up. And specifically not how trust is moved from trust between individuals to trust between organizations.
Patrik
On 30 Apr 2016, at 23:00, Gordon Lennox wrote:
Some people here may remember the presentation on eIDs at a previous RIPE meeting.
https://labs.ripe.net/Members/chrisb/engaging-with-eu-legislative-process
A draft Commission document which mentions eIDs has recently been “leaked”.
http://www.politico.eu/wp-content/uploads/2016/04/Platforms-Communication.pd...
See in particular the top of page 12.
I understand from folk within the bubble (the Brussels/EU bubble) that this kind of thing is now seen as a way of testing the reaction of experts, of those really interested, before proceeding.
So any prompt reaction, and this could be individual reactions rather than the reactions of organisations, may be useful.
Indeed any reaction now may more useful than when the Commission has taken a formal position on the proposal and when the services are naturally obliged to defend it.
This item from The Register - http://www.theregister.co.uk/2016/04/29/eu_login_youtube_national_id_card/ - would suggest that one person to write to is the Estonian Commissioner.
Regards,
Gordon
There is a lot more to this draft than eIDs. It is worth slogging through it to get an idea of what the Commission thinks about this area in general. I guess nobody on this list actually runs e-mail services for third-parties - do they include mailing lists? There are some interesting things about portability there. Patrik, do I have your attention now? ;-) Anyway, and keeping it simple, there are various stages where one can try and make one’s wishes or concerns known in Brussels. The first stage is too often for those in the bubble. Lobbyists and the like. There are many lobbyists, very many lobbyists. And they work full-time. And of course they include ETNO and GSMA and so on. And you also have the “expert groups” and public consultations. It is still relatively rare though that a draft proposal is then leaked. Does this indicate that some folk are not happy? But this “leak” is very useful. You can now see much more clearly where the Commission is heading. Writing to your favourite Commissioner now might have an impact. It has to be very soon though. The machine is moving. Once the proposal has been adopted collectively then the Commission collectively has to defend it. After that it is a question of arguing - collectively? - through Parliament and Council? Writing now as an individual to the Commission, even on one particular point, obviously does not preclude joining in with any group response later to the Council or Parliament. Gordon
I do run e-mail services for third parties... Including mailing lists. Its a private non-profit invite-only system and its paid by donations from its users, but one of the biggest issues that I have with this is that when it becomes mandatory to "sign" your emails, nobody will use my system anymore because the username can be traced back to a physical person. Also, the term "doxing" will be a big issue for me since I store over 1.5 million emails/month just for a single service, and they include sensitive information about the user like username, location and email address. The system runs purely on emails that are generated by users, and in general send their emails from addresses that are specially made for this purpose. When a request comes in to "remove" a username from the system, I humbly request them to send me an email with that request, otherwise I am unable to trace the source back. If each username can lead to a physical person, then I have to secure my server on a different scale to prevent data leaks (and stalking). I even had to go to the cops for a data leak (thieves broke in the system and copied over 1 million emails), leaked it online and the cops just said "meeh", despite the fact that I had the offending IP address. What if those emails contained identity card signatures? They would still not be able to do something with it, but everyone would know who you were and what you have been doing online. Its a "goodbye privacy". An "username" is a very low way of confidentiality that a person is guaranteed to be that person. However, if the "username" has to be signed with his eID, then that username suddenly becomes something like your social security number: Nobody wants that piece of information to be sent to everyone, however regulations force you to give that piece of information to everyone. On Mon, May 2, 2016 at 3:27 PM Gordon Lennox <gordon.lennox.13@gmail.com> wrote:
There is a lot more to this draft than eIDs. It is worth slogging through it to get an idea of what the Commission thinks about this area in general.
I guess nobody on this list actually runs e-mail services for third-parties - do they include mailing lists? There are some interesting things about portability there.
Patrik, do I have your attention now? ;-)
Anyway, and keeping it simple, there are various stages where one can try and make one’s wishes or concerns known in Brussels.
The first stage is too often for those in the bubble. Lobbyists and the like. There are many lobbyists, very many lobbyists. And they work full-time. And of course they include ETNO and GSMA and so on.
And you also have the “expert groups” and public consultations.
It is still relatively rare though that a draft proposal is then leaked. Does this indicate that some folk are not happy?
But this “leak” is very useful. You can now see much more clearly where the Commission is heading. Writing to your favourite Commissioner now might have an impact. It has to be very soon though. The machine is moving. Once the proposal has been adopted collectively then the Commission collectively has to defend it.
After that it is a question of arguing - collectively? - through Parliament and Council?
Writing now as an individual to the Commission, even on one particular point, obviously does not preclude joining in with any group response later to the Council or Parliament.
Gordon
Then I suggest you - and Patrik? and others? - read what they say about such services. At one point they write: “In particular, many citizens complain about difficulties in switching email providers”. This is in the context of transferring "personal and non-personal data”. No, I don’t know what this is meant to imply. Somebody has a Yahoo account and wants to switch to Gmail? And take their (IMAP) archives with them and their e-mail address? I have heard Commission officials in the past talk about making e-mail addresses portable like telephone numbers. More importantly it is not always for the Commission to interpret any regulations: others do that. You cannot got back to the Commission - or Council or Parliament! - and ask what they really meant. So effort now to help get it right can pay off. Happy reading! Gordon
On 02 May 2016, at 15:52, Julius ter Pelkwijk <pelkwijk@gmail.com> wrote:
I do run e-mail services for third parties...
From what I understand with my limited amount of knowledge about laws:
Someone has an account with an ISP. They want to change their ISP, but don't want to lose all the data they have stored on the server. The onliest way to get this data out is to contact the ISP and then have a lengthy conversation on why you want your data out. Google does this with "google takeout", but I know a lot of ISP providers will simply cut off your email account when you switch to another ISP (therefore force you to stay with that particular ISP). On the context of eID, to identify yourself before you can even use a "personalized" email account (or even a personalized nickname) is cause for concern. Similar to asking for ID before you can buy a sim card. Its all "to prevent terrorism", but it does not solve anything other than forcing people to use their real identity or using a system that does not require you to use a real ID. This will only lead to providers of services asking for identification, which leads to more data leaks (with rather sensitive information this time), and people will need to use their ID card to log in (instead of using their private username/password). I think that the whole eID thing can be useful for shopping and identification purposes (for example when you want to open an account at the bank), but the way I see it is that they want to enable you to send your passport information to sites like Facebook and Amazon to "enhance" your experience and to keep trolls out. This on the other hand goes against the nature of "privacy", where you have the right to be anonymous. If eID is used, I would treat it as a "passport", and base the laws around the usage + storage of the data retrieved from that passport. I remember that Belgium was using an eID card in the form of a SIM card, and that it could be used in place of an "age coin" when you want to buy a pack of sigarettes or beer from the vending machines. The other way that it can go is that you need that eID to "identify" yourself if you want to use certain services, like accessing facebook. That one is a more tricky one, since it will force people to think about how much private personal information they are sharing with those websites. And if that website forces you to "sign" a legal document before you can enter the website, then many people will wonder why. Its a question that you need to ask to the privacy guru's: What are the privacy implications of using an electronic ID card that can be read online using a simple smart card reader? On Mon, May 2, 2016 at 6:19 PM Gordon Lennox <gordon.lennox.13@gmail.com> wrote:
Then I suggest you - and Patrik? and others? - read what they say about such services.
At one point they write: “In particular, many citizens complain about difficulties in switching email providers”. This is in the context of transferring "personal and non-personal data”.
No, I don’t know what this is meant to imply. Somebody has a Yahoo account and wants to switch to Gmail? And take their (IMAP) archives with them and their e-mail address?
I have heard Commission officials in the past talk about making e-mail addresses portable like telephone numbers.
More importantly it is not always for the Commission to interpret any regulations: others do that. You cannot got back to the Commission - or Council or Parliament! - and ask what they really meant. So effort now to help get it right can pay off.
Happy reading!
Gordon
On 02 May 2016, at 15:52, Julius ter Pelkwijk <pelkwijk@gmail.com> wrote:
I do run e-mail services for third parties...
On 2 May 2016, at 18:19, Gordon Lennox wrote:
At one point they write: “In particular, many citizens complain about difficulties in switching email providers”. This is in the context of transferring "personal and non-personal data”.
As you say between the lines...it is not problematic to swap email service providers. The problem is to switch email address. And the fact many providers do by default give out email addresses in their own domain, although you can also use your own (as for Google). Patrik
On 2 May 2016, at 15:26, Gordon Lennox wrote:
Patrik, do I have your attention now? ;-)
Yes... See you in Copenhagen? ;-) paf
The date on the draft would suggest that the text will be adopted when folks are in Copenhagen. So any conversations in Copenhagen would be based on this draft - and so irrelevant - or on the adopted text that nobody will have had the chance to read? If you or anyone else wants to react before adoption then that ought to be done now. But what do the co-chairs think? Gordon
On 02 May 2016, at 16:30, Patrik Fältström <paf@frobbit.se> wrote:
On 2 May 2016, at 15:26, Gordon Lennox wrote:
Patrik, do I have your attention now? ;-)
Yes...
See you in Copenhagen? ;-)
paf
Patrik Fältström wrote:
What is irritating with just that snippet on top of page 12 you reference is that they say in more or less the same sentence that it is important to decide who to trust, while one should be told to trust whatever eID Brussels decides on.
That snippet, and the paragraph before it, are very confused pieces of thinking.
In particular, online platforms need to accept credentials issued or recognised by national public authorities, such as electronic ID cards, citizen cards, bank cards or mobile IDs. [...] Further, the Commission will draw up a plan to strengthen public authorities' capacity to process and analyse large-scale data to support the enforcement of EU single market policies and to ensure platform users are more aware of the data collected by platforms and how it is used.
The paper then mention fake online reviews as being an example that deserves particular merit. In the long list of things which cause erosion of trust, fake online reviews are pretty far down. Apart from the concerns you mentioned, there is a complete lack of understanding about the stupidity of using: 1. very widely or universally accepted access credentials. The more widely accepted an access token is, the more damage you can do by compromising the token. 2. irrevocable tokens (e.g. biometrics in national ID cards) as trust credentials on the Internet. One of the centre-pieces of trust is that it can be revoked. If something cannot be untrusted, it should not be trusted in the first place. In either case, it would be pretty catastrophic if trust databases of this form were compromised. The more widely used a trust database is, the more valuable it is and the more likely it is to be viewed as an interesting target by threat actors, whether state or criminal. Overall, while the intentions of this suggestion cannot be doubted, the idea of mandating wide acceptance of eIDs seems to be an extremely unwise plan of action. Nick
On 1 May 2016, at 17:22, Nick Hilliard wrote:
2. irrevocable tokens (e.g. biometrics in national ID cards) as trust credentials on the Internet. One of the centre-pieces of trust is that it can be revoked. If something cannot be untrusted, it should not be trusted in the first place.
Note though that this conclusion of yours, which I agree with, does not imply revocation lists must exists. It might be that the time to live on the validation one do is short. After that, it must be validated again (which might fail). This specifically works if the one handing out the "positive validation token" can say for how long it is valid. I.e. for me the first mistake in design of trust systems is to think one can use irrevocable tokens. The second that revocation lists works. But that is an implementation issue of the major issue you bring up -- which once again I agree with. Patrik
My biggest fear is the use of eID to basically "identify" yourself. From what I know, the eID is the highest form of "identification" you can have.
From a scale from 1-4, an eID is the highest form of trust you can give ( http://web.archive.org/web/20150915011249/http://www.itl.nist.gov/lab/bullet...). Using that just to authenticate yourself on websites to prevent fake online reviews is like shooting a fly with a shotgun.
Knowing a username + password already gives you a level 1 clearance, buying a product already gives level 2 clearance (proof that you have the object). Having a eID that can issue tokens for you gives you a level 3 clearance (that person is real, for sites like facebook), signing with the eID is level 4 (if you want to fill in tax forms). Revoking a key requires that the the revocation signatures are also stored online for everyone to see (in case of identity theft). So, the question is: How much trust do you need to have in the other party? Amazon only needs to verify that you actually bought the goods before flagging you as a "verified purchaser", to prevent fake reviews. They don't need to know my real name, just me logging in + a receipt of the goods I bought. The case of actually using an "eID" is only valid when you want to verify the identity of that user, for example when you want to get a loan or when you need to be reasonably sure that the other party is really a client of yours (eg: a bank). Otherwise, I would not see any benefit of having some sort of "eID" for authentication. On Sun, May 1, 2016 at 5:22 PM Nick Hilliard <nick@inex.ie> wrote:
Patrik Fältström wrote:
What is irritating with just that snippet on top of page 12 you reference is that they say in more or less the same sentence that it is important to decide who to trust, while one should be told to trust whatever eID Brussels decides on.
That snippet, and the paragraph before it, are very confused pieces of thinking.
In particular, online platforms need to accept credentials issued or recognised by national public authorities, such as electronic ID cards, citizen cards, bank cards or mobile IDs. [...] Further, the Commission will draw up a plan to strengthen public authorities' capacity to process and analyse large-scale data to support the enforcement of EU single market policies and to ensure platform users are more aware of the data collected by platforms and how it is used.
The paper then mention fake online reviews as being an example that deserves particular merit. In the long list of things which cause erosion of trust, fake online reviews are pretty far down.
Apart from the concerns you mentioned, there is a complete lack of understanding about the stupidity of using:
1. very widely or universally accepted access credentials. The more widely accepted an access token is, the more damage you can do by compromising the token.
2. irrevocable tokens (e.g. biometrics in national ID cards) as trust credentials on the Internet. One of the centre-pieces of trust is that it can be revoked. If something cannot be untrusted, it should not be trusted in the first place.
In either case, it would be pretty catastrophic if trust databases of this form were compromised. The more widely used a trust database is, the more valuable it is and the more likely it is to be viewed as an interesting target by threat actors, whether state or criminal.
Overall, while the intentions of this suggestion cannot be doubted, the idea of mandating wide acceptance of eIDs seems to be an extremely unwise plan of action.
Nick
participants (6)
-
GLORIOSO Andrea (EEAS-WASHINGTON) -
Gordon Lennox -
Jim Reid -
Julius ter Pelkwijk -
Nick Hilliard -
Patrik Fältström